package servlets;

import dto.LoggedUser;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import util.Constants;
import util.DBConnection;
import util.DataList;

/**
 * Servlet implementation class Login
 */
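public class Login extends HttpServlet {

    private static final long serialVersionUID = 1L;

    // Every statement is parameterised: username and password arrive straight
    // from the request, and the user id read back from the database is bound
    // as well rather than spliced into the SQL text.
    // "select *" is kept on purpose: the matching row is read by column index
    // below (1 = user id, 4 = type, 5 = full name).
    private static final String LOGIN_SQL =
            "select * from login_details where USER_NAME=? and PASSWORD=?";
    private static final String STUDENT_SUBJECTS_SQL =
            "select sub.SUBJECT_FK from STREAM_YEAR_SUBJECT sub, STUDENT stud where stud.STUD_ID=? "
            + "and stud.STREAM_FK=sub.STREAM_FK and stud.YEAR_FK=sub.YEAR_FK order by sub.SUBJECT_FK";
    private static final String FACULTY_SUBJECTS_SQL =
            "select SUBJECT_FK from FACULTY where FCLT_ID=?";

    /**
     * @see HttpServlet#HttpServlet()
     */
    public Login() {
        super();
    }

    /**
     * Handles the login form.
     *
     * <p>Verifies the {@code username}/{@code password} parameters against
     * {@code login_details}, loads the subjects the user may see, stores a
     * {@link LoggedUser} under the session attribute {@code user} and redirects
     * to {@code /discuss.jsp}. When no row matches, the session attribute
     * {@code reg} is set to {@code "Login"} and the client is sent to
     * {@code /home.jsp}. A missing database connection or a database error
     * redirects to {@code /Error.jsp}; the error itself goes to the servlet
     * log, never to the client.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
     *      response)
     */
    @Override
    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        HttpSession session = request.getSession();
        String redirectUrl = "/Error.jsp";

        if (username == null || password == null) {
            // A missing form field can never match a row; skip the database
            // round trip and treat it as a failed login.
            session.setAttribute("reg", "Login");
            response.sendRedirect(request.getContextPath() + "/home.jsp");
            return;
        }

        // try-with-resources tolerates a null connection (close is skipped),
        // so the explicit null check below keeps the original /Error.jsp path.
        try (Connection con = DBConnection.getConn()) {
            if (con != null) {
                LoggedUser loggedUser = authenticate(con, username, password);
                if (loggedUser != null) {
                    // NOTE(review): the session id is not rotated here; on a
                    // Servlet 3.1+ container, request.changeSessionId() before
                    // storing the user would close the session-fixation window.
                    // NOTE(review): LoggedUser's constructor takes the password,
                    // so it lives in the session for the whole login — confirm
                    // that anything downstream really needs it.
                    session.setAttribute("user", loggedUser);
                    redirectUrl = "/discuss.jsp";
                } else {
                    session.setAttribute("reg", "Login");
                    redirectUrl = "/home.jsp";
                }
            }
        } catch (SQLException e) {
            // Keep the generic error page for the client; details stay server-side.
            log("Login: database error while authenticating user", e);
        }
        response.sendRedirect(request.getContextPath() + redirectUrl);
    }

    /**
     * Looks up the credentials and builds the session object for the user.
     *
     * @param con      open database connection, owned by the caller
     * @param username submitted user name
     * @param password submitted password
     * @return the logged-in user, or {@code null} when no row matches
     * @throws SQLException on any database error
     */
    private LoggedUser authenticate(Connection con, String username, String password)
            throws SQLException {
        // NOTE(review): the database compares the submitted password with the
        // stored column verbatim, which implies clear-text storage. Checking a
        // salted hash in application code would be the fix, but that needs a
        // schema change and is outside this servlet.
        try (PreparedStatement ps = con.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, username);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return null;
                }
                String userId = rs.getString(1);
                String type = rs.getString(4);
                String fullname = rs.getString(5);
                List<String> subjects = loadSubjects(con, userId, type);
                return new LoggedUser(userId, username, fullname, type, subjects, password);
            }
        }
    }

    /**
     * Collects the subject ids visible to a user: a student's stream/year
     * subjects, a faculty member's own subjects, or the full
     * {@code DataList.subjects} list for any other role.
     *
     * @param con    open database connection, owned by the caller
     * @param userId id of the row found by {@link #authenticate}
     * @param type   role column of that row; compared case-insensitively
     * @return a fresh, mutable list of subject ids (possibly empty)
     * @throws SQLException on any database error
     */
    private static List<String> loadSubjects(Connection con, String userId, String type)
            throws SQLException {
        List<String> subjects = new ArrayList<>();
        String sql;
        if (Constants.Student.equalsIgnoreCase(type)) {
            sql = STUDENT_SUBJECTS_SQL;
        } else if (Constants.Faculty.equalsIgnoreCase(type)) {
            sql = FACULTY_SUBJECTS_SQL;
        } else {
            subjects.addAll(DataList.subjects);
            return subjects;
        }
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, userId);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    subjects.add(rs.getString(1));
                }
            }
        }
        return subjects;
    }
}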
